Debian Security Advisory

nis -- local exploit

The version of nis as distributed in Debian GNU/Linux 2.1 and 2.2
contains a ypbind package with a security problem.

ypbind is used to request information from an NIS server, which is then
used by the local machine. The logging code in ypbind was vulnerable to a
printf format string attack, which can be exploited by passing ypbind a
carefully crafted request. In this way ypbind can be made to run arbitrary
code as root.
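
The bug class described above, shown as an added example; it is not ypbind's
code and not part of the original advisory. A hypothetical logging wrapper,
log_msg, is called with request text as the format string, next to the
corrected call. All function names and sample strings are constructed for
illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical logging wrapper (not ypbind's code): formats into out[].
 * Declaring it with GCC/Clang's __attribute__((format(printf, 3, 4)))
 * lets -Wformat-security flag the unsafe call below at compile time. */
static int log_msg(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int len = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return len;
}

/* Vulnerable pattern: request-controlled text is used as the format, so any
 * conversion directive in it is interpreted and reads arguments never passed. */
int log_request_unsafe(char *out, size_t n, const char *from_request)
{
    return log_msg(out, n, from_request);
}

/* Corrected pattern: constant format, untrusted text passed only as data. */
int log_request_safe(char *out, size_t n, const char *from_request)
{
    return log_msg(out, n, "%s", from_request);
}

int main(void)
{
    char a[64], b[64];
    const char *benign = "domain.example";    /* constructed sample */
    const char *hostile = "dom%x%x.example";  /* constructed sample */

    log_request_unsafe(a, sizeof a, benign);  /* harmless only because no '%' */
    log_request_safe(b, sizeof b, benign);
    printf("benign input, same output: %s\n", strcmp(a, b) == 0 ? "yes" : "no");

    log_request_safe(b, sizeof b, hostile);   /* directives logged verbatim */
    printf("safe log of hostile input: %s\n", b);
    return 0;
}
```

When auditing a daemon for this pattern, look for any printf-family or syslog
call whose format argument is not a string literal.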

This has been fixed in version 3.5-2.1 for Debian GNU/Linux 2.1 and
version 3.8-0.1 for Debian GNU/Linux 2.2.

Note: At this moment, slink security updates for alpha and sparc are no
longer being made. Support for i386 and m68k will continue until the end of
this month.